Connecting Technology and Business.

Office 365
is the fastest growing SaaS offering globally. It is also the most targeted by
hackers today as phishing and Ransomware transform into business models in the
Dark Web world. Breaches come from emails and misused identities and the
attacks only accelerate by the minute. It is high time that Office 365 admins
hack-proof their environments – and it is possible with the tools available
from Microsoft – tools for studying, analyzing, warning and preventing attacks
and plugging vulnerabilities.

The recent
Wannacry ransomware attack has created a sense of panic among enterprises using
Office 365; remember other cloud services too, are not immune to hacking
attacks. Attackers use Social engineering to gain access to the victim’s
identity, data and device. It is a security attack vector that involves
tricking someone into breaking normal security procedures.

A social
engineer runs what used to be called a "con game." Techniques such as
appeal to vanity, appeal to authority and appeal to greed are often used in
social engineering attacks. Many social engineering exploits simply rely on
people's willingness to be helpful. For example, the attacker might pretend to
be a co-worker who has some kind of urgent problem that requires access to
additional network resources.

Popular
types of social engineering attacks include:

Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.

Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.

Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.

Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Security
experts recommend that IT departments regularly carry out penetration tests
that use social engineering techniques. This will help administrators learn
which types of users pose the most risk for specific types of attacks while
also identifying which employees require additional training. Security awareness
training can go a long way towards preventing social engineering attacks. If
people know what forms social engineering attacks are likely to take, they will
be less likely to become victims.

Exchange
Online Protection (EOP)

Microsoft
Exchange Online Protection (EOP) is a cloud-based email filtering service that
helps protect your organization against spam and malware, and includes features
to safeguard your organization from messaging-policy violations. EOP can
simplify the management of your messaging environment and alleviate many of the
burdens that come with maintaining on-premises hardware and software.

Protection against Unsafe Attachments - With Safe Attachments, admins can prevent malicious attachments from impacting the messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity.

Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware free and cleaner inbox with better zero-day attack protection.

Protection of the environment when users click malicious links - Safe Links expands on EOP by protecting the O365 environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. URL detonation provides deeper protection against malicious URLs. Not only does Microsoft check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioural malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.

Dynamic delivery— Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email.

Rich reporting and tracking links in messages — Gaining critical insights into who is being targeted in the organization and the category of attacks the organization is facing. Reporting and message trace allow admins to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows admins to track individual malicious links in the messages that have been clicked. Get better insights to malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing.

Intelligence sharing with Windows Defender Advanced Threat Protection— Security admins will be able to see malware activity and relationships across Windows 10 and Office 365.

Threat Intelligence

The office 365 Threat Intelligence service provides information on security using data from various sources. The data is harvested via the Microsoft Intelligent security Graph technology. Organizations are being targeted with increasingly sophisticated attacks.

It also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world. In addition, Microsoft is integrating signals from Windows and Azure to help customers realize the full benefit of the Microsoft Cloud.

Security admins will see a dashboard with rich insights to do deep investigation of malware and will be able to integrate data with existing security management tools.

Threat Intelligence takes it a step further by alerting security admins and proactively creating and suggesting security policies to help protect against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert customers in finance and related areas to the trend. Threat Intelligence will also dynamically create and suggest additional security policies to help protect you before they get to
your network.

Advanced
Data Governance

Microsoft
has also brought Advanced Data Governance to Office 365 to help customers
manage the exploding volume and increasing complexity of corporate data. Microsoft
applies intelligence to help admins achieve organizational compliance and
automate data retention.

Enterprises
will be able to classify, set policy and take action on the data that is most
relevant for their organization and industry, with recommendations driven by
behavioral analysis and machine learning.

Advanced
Data Governance includes the following capabilities:

Import—Intelligently import only the data needed from on-premises and third-party archives using classifications such as age, data type, user or groups, sensitivity or importance.

Policies—Policy recommendations are provided, based on machine assisted insights of the data, classifications, tenant, organization, industry, geography and more. Recommendations may include delete, move, encrypt or share.

Retention—Intelligently preserve only what’s important to the organization by using classifications such as keywords, age, data type, user or group, sensitivity, importance. Integration with line-of-business systems allows admins to trigger retention based upon events, such as creation of a human resources record.

Advanced
Data Governance will help organizations apply the right actions to preserve
high value data and purge redundant or obsolete data.

Advanced
Security Management (ASM)

Microsoft
has launched Advanced Security Management to help give organizations visibility
and control over security in Office 365.

They
have added a new feature lately called Productivity App Discovery, which will
help IT pros and security operations teams understand their organization’s
usage of Office 365 and other productivity cloud services. This will help them
to better determine the extent to which shadow IT is occurring in their
organization.

Office 365 Secure
Score

The Office
365 Secure Score is available to help organization evaluate their security level
in Office 365. Secure Score analyzes an Office 365 organization’s security
based on their regular activities and security settings and assigns a score. It
is a credit score for security.

Secure
Score figures out what Office 365 services an organization is using (like
OneDrive, SharePoint, and Exchange) then looks at the settings and activities
and compares them to a baseline established by Microsoft. O365 admins get a
score based on how aligned they are with best security practices.

Using
Secure Score helps increase an organization’s security by encouraging them to
use the built-in security features in Office 365 (many of which they have
already purchased but might not be aware of). Learning more about these
features as they use the tool will help give them piece of mind that they are
taking the right steps to protect their organization from threats.

A cloud
kitchen or a digital restaurant is a fast growing trend that has quickly
established itself as a formidable restaurant format. Internet-first
restaurants are stepping on the gas and companies such as Zomato, Swiggy and Fresh
Menu have already started grabbing a slice of this fast-growing sector.

So what
is cloud kitchen a.k.a Internet-first restaurant?

A cloud kitchen is basically a restaurant kitchen
that accepts incoming orders only through online ordering systems and offers no
dine-in facility. They just have a central kitchen that delivers food at
customer’s doorsteps.

The primary source of revenue for these internet
restaurants is through the various food ordering platforms, such as Swiggy, Food
Panda, Zomato, etc. Critical to their business model is a Point of Sales
software that accepts orders from multiple sources.

Food,
at the click of a button

Digital technologies are reshaping our daily
experiences as consumers and businesses, and these cloud kitchens are no
exception. They have the potential to redefine the contours of the restaurant
business. For example, take Swiggy, the trending food delivery app that has its
roots in Bengaluru. It was the first among the crowd in the cut throat market to
venture cloud kitchen in India. Swiggy has set up ‘The Bowl Company’ in
Bengaluru joining hands with the popular restaurateurs to offer a wide selection
where the restaurant need not have a physical presence.

Following this, Zomato has opened its first cloud
kitchen in the suburb of Delhi, Dwarka as a pilot for its new project, Zomato
Infrastructure Services, in which they provide their partner restaurateurs with
300 square feet of space and kitchen equipment. So, an aspiring chef has to
just walk in and cook on gas while Zomato takes care of the rest. This could be
a great opportunity for budding chefs and entrepreneurs.

The
secret sauce!

Inexpensive access to pervasive computing power via
cloud and mobile technologies is the secret sauce. Market reports indicate that
Swiggy’s technology stack comprises of Amazon (EC2, RDS, Cloudfront and
Route53) while Zomato’s technology stack also includes Amazon Route53. With cloud and mobile technology facilitating
online ordering, cloud kitchens suddenly seem like the only rational thing to
do to manage the high rentals and poor margins in the F&B industry.

Why is
this restaurant stuff important for my business?

Just as cloud and mobile technologies are
redefining a traditional industry, the ramifications are just as huge for any
other business. It’s no longer about “technology has no role to play in my
business”. Chances are, if you don’t know how technology can impact your
business, your competitor already does.

With a plethora of services provided by cloud, every
business can benefit - from SMBs to large enterprises; from education to
hospitality. The cloud is like this huge
switchboard where anyone can plug in and use it when they want to but they
don’t have to carry the switchboard, they just use the “service”. Gone are the
days of expensive, complex IT infrastructure which deterred many businesses
from taking advantage of technology.

The cloud allows you to focus on what you do best -
run your business. You can move from being a reactive business to a proactive
business that offers transformational products and services. The cloud is also
highly resilient, especially during these trying times.

For instance, during an unprecedented natural
disaster like Cyclone Vardha, which shut down many businesses, or even during a watershed day like Flipkart’s Big Billion Day, the cloud has played
knight in shining armor through its various features like instant
scalability, disaster recovery, backup & restore and many more. A survey
says 60% of SMBs pull the plug after a disaster but with the advent of cloud
technology, they could surely turn the tables and cope up equally with large
businesses in this uphill battle.

Your
technology GPS

At Quadra, we can help you plan and prioritize your
cloud journey by helping you formulate well defined business objectives, along
with a business and risk analysis that considers multiple dimensions such as
long term cost savings; data criticality, security and privacy concerns; audit
and assurance; and regulatory norms, right down to service provider agreement
review.

Our job is simple – we put the cloud to work for your business, and
free you from the complexity of choosing and managing multiple vendors. We aim
to let you do what you do best – run your business!

The cloud offers many security benefits to
organizations, but also raises new security considerations. It can also add to
existing ones such as shadow IT, the use of software that is not formally
sanctioned by the organization. Office 365 Advanced Security Management,
a new set of capabilities powered by Microsoft Cloud App Security gives you greater visibility and control over your
Office 365 environment.

Discovery and insights - Get enhanced visibility into your Office 365 usage and shadow IT
without installing an end point agent.

Threat Detection

Advanced Security Management enables you to
set up anomaly detection policies, so you can be alerted to potential
breaches of your network. Anomaly detection works by scanning user
activities and evaluating their risk against over 70 different indicators,
including sign-in failures, administrator activity and inactive accounts. For
example, you can be alerted to impossible travel scenarios, such as if a user
signs in to the service to check their mail from New York and then two minutes
later is downloading a document from SharePoint Online in Tokyo.

Advanced Security Management also leverages
behavioral analytics as part of its anomaly detection to assess
potentially risky user behavior. It does this by understanding how users
typically interact with Office 365, spotting anomalies and giving the anomalous
activity a risk score to help IT decide whether to take further action.

Enhanced Control

Advanced Security Management lets you set
up activity policies that can track specific activities. With
out-of-the-box templates, IT can easily create policies that flag when someone
is downloading an unusually large amount of data, has multiple failed sign-in
attempts or signs in from a risky IP address. Policies can also be customized
to your environment. Using activity filters, IT can look for the location of a
user, device type, IP address or if someone is granted admin rights. Alerts can
be created to notify an IT lead immediately via email or text message.

Default activity policy templates that
are included:

Administrative activity from
a non-administrative IP address Alert when an admin
user performs an administrative activity from an IP address that is not
included in a specific IP range category.

User logon from a
non-categorized IP address Alert when a user logs
on from an IP address that is not included in a specific IP range category.

Mass download by a single
user Alert when a single user performs more than 30
downloads within 5 minutes.

Multiple failed user log on
attempts to an app Alert when a single user
attempts to log on to a single app, and fails more than 10 times within 5
minutes.

Logon from a risky IP
address Alert when a user logs on from a risky IP
address to your sanctioned services. The Risky IP category contains, by
default, anonymous proxies and TOR exits point.

After reviewing an alert and investigating
a user’s activities, IT may deem that the behavior is risky and want to stop
the user from doing anything else. This can be done directly from the alert.
Some activities may be deemed so risky that IT may want to immediately suspend
the account. To help with this, IT can configure the activity policy so that an
account is automatically suspended if that risky activity takes place.

Advanced Security Management also shows
which apps are connected to Office 365 in their environment, who is using
them and the permissions they have. For example, if a user grants a scheduling
application access to their Office 365 calendar data, IT will be able to see
the details of the connection and revoke that application’s permissions with
one click if they deem it a security risk.

Discovery and Insights

Advanced Security Management also provides
an app discovery dashboard that allows IT Pros to visualize your
organization’s usage of Office 365 and other productivity cloud services, so
you can maximize investments in IT-approved solutions. With the ability to
discover about 1,000 applications in categories like collaboration, cloud
storage, webmail and others, IT can better determine the extent to which shadow
IT is occurring in your organization. Advanced Security Management will also
give you details about the top apps in each category. For example, you can see
how much data is being sent to OneDrive for Business, Box, Dropbox and other
cloud storage providers.

You can do all this without installing
anything on device end points. To load the data into the dashboard, all you
have to do is take the logs from your network devices and upload them via an
easy-to-use interface.

Many organizations allow users to connect
apps to Office 365 without IT intervention to help them be more productive. The
challenge is that it reduces the visibility and control that IT has over what
apps are doing with the data. App Permissions as part of Office 365
Advanced Security Management can help mitigate that risk.

App Permissions provides information to IT
about which applications in their network have access to Office 365 data, what
permissions they have and which users granted these apps access to their Office
365 accounts.

Based on this information, IT admins can
choose to approve the app or revoke its access to Office 365. If they choose to
revoke permissions to the app, it will no longer be able to access the
information for any of the users in the Office 365 tenant. App Permissions also
makes it easy for IT admins to notify users who have installed the application
that is going to be banned.

Office 365 Videos is an intranet website
portal where people in your organization can post and view videos. It's a
streaming video service for your organization that's available with SharePoint
Online in Office 365. It's a great place to share videos of executive
communications or recordings of classes, meetings, presentations, or training
sessions.

You can have channels for particular subjects, for example, or for specific groups such as departments or teams

You see only the channels that you have permission to view

Uploading videos

To upload a video, you upload it to a specific channel.

You can upload multiple videos to a channel at the same time.

Anyone in your organization who has edit permission for a particular channel can upload videos to it

Editing information about a video

Providing information about a video will make it easier for other people to find it through search, and will provide additional context for it in Delve and the Office Graph.

You have to have owner or editor permission for the channel that the video is in

Owner and people metadata

Office 365 Video also shows who uploaded the video and the various people who are in the video.

This enhances the discoverability of the video and highlights the main speakers; it, too, enhances when and how your videos appear in other users’ Delve activity feeds pivoting off of the relevant context of who knows who

Changing a thumbnail for a video

After a video you've uploaded
to Office 365 Video has been processed and is ready to play, you can add a
custom thumbnail for the video or you can choose from one of the auto-generated
thumbnails provided.

Add subtitles or captions

Subtitles or captions are lines of text that appear at the bottom of a video and provide a transcript of the audio portion of the video

You can add subtitles or captions to any video by uploading one or more subtitle or caption files

Enhance HR practices. Reduce cost and initial training cycles for new employees by
creating a designated group with the onboarding resources they need, while
giving them access to subject matter experts across the organization.

Extend the reach of IT. Speed end-user adoption by sharing tips and tricks for new
products. Enable self-help, access to peer expertise, and a searchable
knowledge base to reduce total time to problem resolution.

Transform Your HR Organization

An engaged workforce means good things for
your company’s HR and Corporate Communications Organizations. With Yammer,
employees feel empowered to make a difference by contributing to recruiting
efforts, recognizing peer performance, and learning from experts throughout the
company or industry. Yammer increases employee engagement by giving every team
member a voice and the tools and information to do more.

Onboard new hires quickly. Enable new hires to ramp up faster and continue to develop their
skills over time as they learn from their peers.

Recognize top talent. Identify high performers and publicly recognize employees who do
great work - increasing engagement, satisfaction, and retention.

Gain insight into
performance. Keep up to date with what your team is
working on and the progress made.

Start a company dialogue. Connect with your coworkers and encourage two-way dialogues in order
to improve communication among teams, employees, managers, and executives.

Give employees a voice. Spark creativity and innovation by allowing all employees to share
ideas, offer feedback and help drive business results.

Transform Your Marketing Organization

Collaboration across teams and with
customers is critical to your organization’s marketing success. With Yammer,
you can engage with agencies to build high-impact campaigns across geographies,
share customer insights, and drive refined go-to market strategies. You can
also improve execution through real-time collaboration of collateral. Empower
your employees to become brand ambassadors and strengthen your competitive
position with Yammer.

Centralize information. Create one
workspace where designated teams can sync up and get projects done.

Accelerate collateral
development. Develop quality collateral much faster
and in real-time with colleagues, ensuring that the salesforce is always
equipped with the latest materials.

Create brand ambassadors. Easily ensure employees and partners are aligned with company
messaging and positioning.

Empower Your Sales Organization

Finding the right information at the right
time is critical to the success of your sales team. With Yammer, sales
representatives can tap into the collective knowledge of your organization to
close deals quickly and increase customer retention. Empower your teams to
instantly access expertise and information, gain a competitive advantage, and
secure deals faster.

Access and share key
information. Quickly distribute the latest key
messaging out to the entire field.

When you attach a
file in a cloud location such as OneDrive or SharePoint, Outlook will send your
recipients a link to the file. Permission to access the file is granted
automatically to every recipient. This makes collaboration easy because you
don't have to worry about attachments being dropped, and you can be sure that
everyone is collaborating on the same (and most up-to-date) version of the
file.

In Outlook, create a message.

Note: For an existing
message, click Reply, Reply All, or Forward.

On the ribbon, click Attach
File, and choose Browse Web Locations.

Choose OneDrive,
the file you want to attach, and then choose Insert.

In your email message,
choose the down arrow for the attachment.

Choose Change
Permissions, and then choose one of the following:

Recipients can Edit if you want
recipients to be able to modify the file.

Recipients can View, the default option,
if you want recipients to be able to read, but not modify, the file.

Microsoft wants to ensure that its Office 365customers have
access to the information that is relevant for them to perform a risk assessment
on Office 365 services—on demand. Access to this information should be
seamless.

To achieve these goals, they have released
the Service Assurance Dashboard as part of the Office 365 Security and
Compliance Center, which provides you immediate access to:

Details on
how Office 365 implements security, privacy and compliance controls including
details of how third-party independent auditors perform audits to test these
controls.

Information
on how you can leverage Office 365 security controls and configurations to
protect your data.

While there are many detailed insights
provided through Service Assurance, initial customer feedback indicates that
Audited Controls are particularly helpful. The Audited Controls feature in
Service Assurance helps you to understand how Office 365 protects customers' data by
detailing:

Test
status—Status of the Office 365 controls.

Control
implementation details—Explanation of how Office 365 implements a control.

Testing
performed to evaluate control effectiveness—How independent auditors test the
effectiveness of our security, compliance and privacy controls.

Organizations own the data they keep in the
cloud and they need to know how it is being handled at all times.

Microsoft is the industry leader in cloud
compliance for enterprise customers. With the Office 365 E5 plan, advanced
compliance is integrated into the service, so organizations can meet their
unique requirements using a single cloud service.

Microsoft recognizes that organizations want
control over access to content stored in cloud services. To maximize data
security and privacy for Office 365 customers, Microsoft has engineered the
service to require nearly zero interaction with customer content by Microsoft
employees. Access is obtained through a rigorous access control technology
called Customer Lockbox for Office 365, which helps enterprises meet compliance
obligations for explicit data access authorization. In the rare instance when a
Microsoft service engineer needs access to enterprise data, access control is
extended to you so that you grant final approval for access. Actions taken are
logged and accessible to you so that they can be audited.

Choose your language, workload, operating system

With support for Linux, Windows Server, SQL
Server, Oracle, IBM, and SAP, Azure Virtual Machines gives you the flexibility
of virtualization for a wide range of computing solutions—development and
testing, running applications, and extending your datacenter. It’s the freedom
of open-source software configured the way you need it. It’s as if it was
another rack in your datacenter, giving you the power to deploy an application
in minutes instead of weeks.

Get more choice

It’s all about choice for your virtual
machines. Choose Linux or Windows. Choose to be on-premises, in the cloud, or
both. Choose your own virtual machine image or download a certified
pre-configured image in our marketplace. With Virtual Machines, you’re in
control.

Scale to what you need

Combine the performance of a world-class
supercomputer with the scalability of the cloud. Scale from one to thousands of
virtual machine instances. Plus, with the growing number of regional Azure
datacenters, easily scale globally so you’re closer to where your customers
are.

Pay only for what you use

Keep your budget in check with low-cost,
per-minute billing. You only pay for the compute time you use.

Microsoft has announced an
update to the Office 365 people profile experience under Delve, which
consolidates the profile and activity pages to make it easier for users to
discover relevant content, connect with colleagues and find experts inside an
organization.

Learn
more about your colleagues

The new profile page gives
users a place to learn more about their colleagues, providing their contact
information, a photo, who they work for and a summary of their experience and
expertise, as well as discover their recent activity and a quick glimpse of
what they are working on. The profile is actionable, too. Users can start a
Skype chat, call or email to a colleague right from their profile page.
Remember, Delve only shows content that the user already has permission to see.

The whole experience is
responsive and looks great on any device.

Customize
User profile and quickly find documents

Users can give their Delve
profile a personal touch—upload a favorite profile photo, choose a unique
background or edit your expertise. Up-to-date profiles make it easier for
others to find out about the user and help the user when the user is looking
for information. From the user’s profile, users can also quickly and easily get
back to their documents, as well as see documents their most frequent contacts
are working on.

Delve is more useful and
intuitive than ever thanks to the new profile page. By connecting the users
with the content and the contacts who are relevant to them, Delve helps break
down silos and keeps the user in the know.

The new profile experience
has been rolled out to First Release Office 365 tenants over the past several weeks,
and Microsoft expects it to roll out to all eligible Office 365 customers by
the second quarter of 2016.

Delve is included in the
Office 365 Enterprise E1–E5 subscription plans (including the corresponding
A2–A4 and G1–G4 plans for Academic and Government customers, respectively).
Delve is also included in the Office 365 Business Essentials and Business
Premium plans.

Delve never changes any
permissions and only shows the users content that they already have permission
to view. Only they can see their private documents in Delve, and other people
can’t see their private activities—such as what documents they’ve read, what
emails they’ve sent and received or which Skype for Business conversations they
have participated in. Other people can see that they’ve modified a document,
but only if they have access to the same document.